CLAIMS

1. A mobile agent device in a Mobile Virtual Private Network, said device 
comprising: 

- Termination of Mobile IP tunnel from a remotely connecting Mobile Node; 

- Termination of an IPSec VPN tunnel from the remotely connecting Mobile 
Node; 

- Dynamic Selection of internal Mobile IP Home Agent based on user 
Authentication; 

- Tunneling of traffic to and/or from the assigned Internal Mobile Home Agent 
for this Mobile Node; 

- Provision of extended authentication, after Mobile IP connection 
establishment, and during the VPN negotiation phase, based on extra user 
credentials, one-time-password mechanism or similar. 

2. A device according to claim 1, wherein the mobile agent device appears as a 
Mobile IP Foreign Agent towards the Internal Home Agent. 

3. A device according to claim 1, wherein the mobile agent device appears as a 
Mobile IP Home Agent towards the remotely connecting Mobile Node. 

4. A device according to claim 1, wherein the mobile agent device provides a 
dynamically assigned Mobile IP address to the Mobile Node, if requested to do so by 
the Mobile Node. 

5. A device according to claim 1, wherein the mobile agent device provides a 
termination point for IKE & IPSec VPN connections from a remotely connecting 
Mobile Node. 

6. A device according to claim 1, wherein IP encapsulated tunneling is used for 
transfer of traffic between the mobile agent device and the Internal Home Agent. 

7. The device recited in claim A, wherein UDP encapsulated tunneling is used 
for transfer of traffic between the mobile agent device and the Internal Home Agent. 


WO 2005/069577 18 PCT/SE2005/000040 

8. A device according to claim 1, wherein traffic can be routed directly from the 
mobile agent device towards its destination, on receipt from the mobile node. 

9. A device according to claim 1, wherein IP encapsulated tunneling is used for 
transfer of traffic between the mobile node and the mobile agent device. 

10. A device according to claim 1, wherein UDP encapsulated tunneling is used 
for transfer of traffic between the mobile node and the mobile agent device. 

11. A device according to claim 9 or 10, wherein IPSec tunneling is used for 
protection of the transfer of traffic between the mobile node and the mobile agent 
device, within said encapsulation. 

12. A device according to claim 1, further comprising restriction of user access to 
the internal home agent or internal network, until extended user authentication is 
carried out. 

13. A device according to claim 1, further comprising time and volume based 
accounting is carried out on a per Mobile Node basis. 

14. A device according to claim 1, further comprising the dynamic assignment of 
a new T-HA Public IP Address to the MN to use for registration of the remote 
connection. 